SSL Version

Stel Vlach · ‎07-07-2015

SSL developers just announced that they will release two updates tomorrow which will patch a high severity vulnerability. How am I able to check the SSL ver that my Cisco units use for https management ?

Thanks in advance.

Seb Rupik · ‎07-08-2015

Hi Stel,

Take a look at my answer here:

https://supportforums.cisco.com/discussion/12377606/how-check-if-3750-switch-using-sslv3

cheers,

Seb.

Stel Vlach · ‎07-08-2015

Hello Seb

Thanks for your reply. Didn't posted my question clear. I am looking for the openssl ver. used. Does the nmap works as well ?

Seb Rupik · ‎07-08-2015

I think that will be hard to determine without asking TAC. You could take a look here:

http://tools.cisco.com/security/center/publicationListing.x

..in particular:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150320-openssl

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl

Doing a bit of cross referencing between the CVEs mentioned in the updates and the software version you are running (assuming it is listed as vulnerable) you should be able to determine what version of openSSL the patched software contains to include the fix.

Hope that helps.

cheers,

Seb.

Stel Vlach · ‎07-09-2015

Think I found a better way (not so easy though).

Initially the IOS version is necessary. Then you should visit the Cisco downloads section and seek downloads for the image. The easiest way is to type the model’s part no. and then select the download tabs in the results. Finally you get a page with the final release and a list of all releases. After you find the exact image there is a link about Release Notes and Open Source Documentation. There you can find licensing and version info about openssl in cisco appliances

Seb Rupik · ‎07-09-2015

Ahah, much more accurate than my method, good find!